Self-host Rajdhani font and remove unsafe-inline from CSP#34
Merged
Conversation
- Add woff2 font files for Rajdhani (500, 600, 700) to assets/fonts/ - Create fonts.css with @font-face declarations - Remove Google Fonts CDN links and preconnect from both HTML files - Remove unsafe-inline from style-src and update font-src to 'self' in CSP Agent-Logs-Url: https://github.com/Ilia01/Beacon/sessions/4659a37b-89be-454d-aa1d-e97931227613 Co-authored-by: Ilia01 <155351862+Ilia01@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Self-host Rajdhani font and remove unsafe-inline from CSP
Self-host Rajdhani font and remove unsafe-inline from CSP
Apr 10, 2026
There was a problem hiding this comment.
Pull request overview
This PR self-hosts the Rajdhani font and tightens the renderer Content Security Policy by removing external Google Fonts dependencies and dropping style-src 'unsafe-inline'.
Changes:
- Added local
@font-facedeclarations via a newsrc/renderer/fonts.css. - Removed Google Fonts CDN
<link>/ preconnect tags from renderer HTML files. - Tightened CSP to
style-src 'self'andfont-src 'self'.
Reviewed changes
Copilot reviewed 3 out of 6 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| src/renderer/index.html | Removes Google Fonts links; loads local fonts.css; tightens CSP. |
| src/renderer/hub.html | Removes Google Fonts links; loads local fonts.css; tightens CSP. |
| src/renderer/fonts.css | Introduces local @font-face rules pointing to bundled .woff2 assets. |
| assets/fonts/rajdhani-latin-500-normal.woff2 | Adds bundled Rajdhani 500 weight font binary. |
| assets/fonts/rajdhani-latin-600-normal.woff2 | Adds bundled Rajdhani 600 weight font binary. |
| assets/fonts/rajdhani-latin-700-normal.woff2 | Adds bundled Rajdhani 700 weight font binary. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Owner
|
@copilot apply changes based on the comments in this thread |
Agent-Logs-Url: https://github.com/Ilia01/Beacon/sessions/9b20272a-0196-4444-a60e-c82d9a5034a8 Co-authored-by: Ilia01 <155351862+Ilia01@users.noreply.github.com>
Contributor
Author
Added |
Ilia01
added a commit
that referenced
this pull request
Apr 10, 2026
8 tasks
Copilot AI
added a commit
that referenced
this pull request
Apr 10, 2026
Reset branch to current main (after rewrite) and cleanly reapply the post-game summary feature: - summaryLog tracks every prompt (uncapped), promptHistory stays capped at 20 - buildGameSummary() aggregates summaryLog into per-category entries - GameSummaryEntry.category strongly typed as PromptCategory - Hub resizes in-place via getBounds/setBounds (no re-centering) - Hub resets to default height on game-started - Summary section in hub UI, hidden by default, rendered on game-end - 6 new tests in summary.test.ts Preserves all features from #34, #37, #38, #40. Agent-Logs-Url: https://github.com/Ilia01/Beacon/sessions/e256904c-7a23-4575-a5e2-3c3df7bece08 Co-authored-by: Ilia01 <155351862+Ilia01@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What changed
assets/fonts/src/renderer/fonts.csswith local@font-facedeclarations<link>and preconnect tags from both HTML filesstyle-src 'self'(dropped'unsafe-inline'),font-src 'self'(droppedhttps://fonts.gstatic.com)assets/fonts/OFL.txtwith the SIL Open Font License 1.1 (copyright Indian Type Foundry) for distribution complianceWhy
External font loading adds latency and
unsafe-inlineinstyle-srcweakens CSP. Self-hosting eliminates the CDN dependency and allows a strict policy. The accompanying OFL.txt ensures proper license attribution when distributing the packaged app.How to test
Checklist